WarpBuild LogoWarpBuild Docs

Roles and Permissions

Understanding user roles and access control in Helios

Roles and Permissions

Helios uses role-based access control (RBAC) to manage user permissions across the platform with hierarchical organization and resource-specific roles.

Role Types

Organization Roles

Base access level across the entire platform.

Member - Default role for users

  • View organization-wide resources with "organization" visibility
  • Inherit base role for all resource-specific permissions

Admin - Administrative privileges

  • Full access to all organization resources and settings
  • Manage user roles, organization settings, and billing
  • Override any resource-specific permissions

Resource-Specific Roles

Assigned for specific resources (projects, workflows, integrations).

User - Basic consumption access

  • View resource details and configuration
  • Execute workflows and use integrations
  • Monitor results and logs

Editor - Create and modify resources

  • All User permissions
  • Create, update, and delete resources
  • Cannot manage permissions or sharing

Admin - Full control including permission management

  • All Editor permissions
  • Modify user access and sharing settings
  • Complete authority over the resource

Permission System

Hierarchy

Permissions follow this structure:

  1. Organization Level - Base permissions for all users
  2. Project Level - Permissions for specific projects
  3. Workflow Level - Permissions for individual workflows
  4. Integration Level - Permissions for specific integrations

Resolution Priority

When determining access, Helios uses this order:

  1. Resource-specific role (highest priority)
  2. Project-level role (for resources within projects)
  3. Organization role (base level)
  4. Default restriction (lowest priority)

Resource Permissions

Projects

User Role

  • View project details and workflows
  • Use project integrations
  • View variable/secret names (values hidden)

Editor Role

  • Create workflows in project
  • Modify project details
  • Create/modify variables and secrets
  • Delete workflows

Admin Role

  • Manage project permissions
  • Delete entire project
  • Full control over all project resources

Workflows

User Role

  • View workflow definition
  • Trigger execution
  • View runs and results
  • Access variables/secrets for execution

Editor Role

  • Modify workflow definition
  • Update metadata
  • Create/modify workflow variables
  • Cancel running workflows

Admin Role

  • Manage workflow permissions
  • Delete workflow
  • Full control over workflow settings

Integrations

User Role

  • Use integration in workflows
  • View integration metadata
  • Test connectivity

Editor Role

  • Modify integration configuration
  • Update authentication credentials
  • Refresh OAuth tokens

Admin Role

  • Manage integration permissions
  • Delete integration
  • Full control over integration settings

Visibility and Sharing

Organization Visibility

  • All members can see and use resource
  • Members inherit base organization role
  • Use for shared team resources

Restricted Visibility

  • Only explicitly granted users can access
  • No default access
  • Use for private or sensitive resources

Managing Roles

Adding Users

  1. Navigate to resource settings
  2. Click sharing/permissions
  3. Add user email or select from members
  4. Assign appropriate role
  5. Save changes

Modifying Roles

  1. Access resource permissions page
  2. Find user in permissions list
  3. Select new role from dropdown
  4. Save changes

Removing Access

  1. Access resource permissions page
  2. Find user in permissions list
  3. Click remove/delete button
  4. Confirm removal

Best Practices

Role Assignment

  • Principle of least privilege: Give minimum access needed
  • Regular reviews: Update permissions periodically
  • Team alignment: Match permissions to organizational structure
  • Documentation: Document permission rationale

Organization Setup

  • Limit admins: Minimize number of organization admins
  • Default policies: Establish standard visibility and sharing policies
  • Standardized onboarding: Create consistent permission processes
  • Proper offboarding: Remove access when users leave

Resource Management

  • Consistent naming: Use clear, consistent resource names
  • Logical grouping: Group related resources in projects
  • Access reviews: Regularly audit sensitive resource access
  • Audit logging: Monitor permission changes

Security Considerations

Sensitive Data

  • Use appropriate roles for secrets access
  • Limit integration credential access
  • Monitor audit trails
  • Ensure compliance requirements are met

Access Control

  • Strong authentication with 2FA
  • SSO integration for centralized control
  • Automatic session timeouts
  • Regular access audits

Troubleshooting

Common Issues

"Permission Denied" Errors

  • Verify required role for action
  • Ask admin to grant appropriate permissions
  • Check resource visibility settings

Cannot See Resources

  • Check if resources are "restricted" visibility
  • Verify organization membership
  • Request explicit access from admin

Cannot Share Resources

  • Admin role required for permission management
  • Check organization sharing policies
  • Verify resource type supports sharing

Getting Help

Last updated on

Key Concepts

Core concepts and terminology in Helios workflows, nodes, and integrations

Sharing

Share projects and integrations with your team